Bug 88136 - redhat-config-security level interface is confusing
Summary: redhat-config-security level interface is confusing
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: redhat-config-securitylevel
Version: 9
Hardware: All
OS: Linux
medium
low
Target Milestone: ---
Assignee: Brent Fox
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2003-04-06 15:45 UTC by Darren Brierton
Modified: 2007-04-18 16:52 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2003-05-20 19:24:28 UTC
Embargoed:



Description Darren Brierton 2003-04-06 15:45:13 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.7 (X11; Linux i686; U;) Gecko/20030131

Description of problem:
If, like me, one does not understand very much about firewalls, the UI of
redhat-config-securitylevel is a little confusing: if you select "Customize"
instead of "Use default firewall rules" which takes precedence - "Trusted
devices" or "Allow incoming"?

Take this scenario: I don't want any connections from outside at all, but I run
VMware and want VMs to be able to access Apache on the host without allowing
HTTP requests from outside my machine to be allowed. If eth0 is not selected as
a trusted device but HTTP is selected for allow incoming, and an HTTP request
comes from eth0 which wins out? Similarly if vmnet0 is selected as a trusted
device but HTTP is not selected for allow incoming and an HTTP request comes
from vmnet0 what happens?

Version-Release number of selected component (if applicable):
1.1.1-3

How reproducible:
Always

Steps to Reproduce:
1. Start redhat-config-securitylevel
2. Select Customize
3. Become confused
    

Actual Results:  Nagging worry that I have opened a giant security hole in my
machine

Expected Results:  Warm fuzzy feeling and sense of well-being that my firewall
is configured correctly

Additional info:

Comment 1 Need Real Name 2003-04-10 17:58:59 UTC
88388 is closed, but says a similar thing.

Comment 2 Brent Fox 2003-05-20 19:24:28 UTC
In general, the "Customize" part of any user interface assumes that the user
knows enough to make manual changes to override the default settings.  

I think that the documentation for this tool adequately explains the choices
that the "Customize" mode presents.
http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/custom-guide/ch-basic-firewall.html#S1-BASIC-FIREWALL-SECURITYLEVEL

I agree that the user interface layout could be improved.  However, there's only
so much that the interface can do to explain a concept as complicated as
firewalls to a user who is not familiar with them.


